Scripts for macOS, managed by Workspace ONE UEM, support using Bash, Python 3, or Zsh to run code on end-user devices. Integrate Scripts with the Workspace ONE Intelligent Hub for macOS to give your users self-service access to Scripts.

  • Scripts functionality is currently in Technical Preview and might not be available in your environment.
  • New UEM infrastructure (also required for Freestyle Orchestrator) must be enabled in your environment to support Script creation, deployment, and tracking, including use in Freestyle Orchestrator workflows. For more information, see the Freestyle Orchestrator Guide.
  • Workspace ONE UEM enables this configuration for SaaS customers. VMware is working on the solution for On-Premises environments, but until released, the Scripts functionality will not be available for On-Premises deployments.
  • In addition to the required UEM infrastructure, Scripts functionality requires Intelligent Hub 20.10+ and Workflow Engine 20.10+ for macOS.

Scripts functionality requires Intelligent Hub 20.10 and Workflow Engine 20.10 for macOS.


  1. In the Workspace ONE UEM console, navigate to Resources > Scripts > Add.
  2. Select macOS.
  3. Configure the script settings for the General tab.
    Settings and their descriptions:
    • Name - Enter a name for the script.
    • Description - Enter a description for the script.
    • App Catalog customization (Optional) - Enable offering self-service access to Scripts in the Workspace ONE Intelligent Hub catalog.
      • Display Name - Enter the name that users see in the catalog.
      • Display Description - Enter a brief description of what the script does.
      • Icon - Upload an icon for the script.
      • Category - Select a category for the script. Categories help users filter apps in the catalog.

      Completing the catalog settings here is not enough to display your script in the Workspace ONE Intelligent Hub. When you assign the script to devices, enable the Show in Hub menu item; otherwise these customizations do not display in the catalog.

  4. Click Next.
  5. Configure the script settings for the Details tab.
    Settings and their descriptions:
    • Language - Select the scripting language: Bash, Python 3, or Zsh.
    • Execution Context - Controls whether the script runs in the user context or the system context.
    • Timeout - Enter the length of time, in seconds, that the system runs the script before stopping it, in case the script loops or becomes unresponsive.
    • Code - Upload a script or write your own in the text box provided.
  6. Click Next.
  7. In the Variables tab, configure key and value pairs to be accessible in the scripting environment:

    Add static values, such as API keys, service account names, or passwords, by providing the key and the value of the variable. Or add dynamic UEM lookup values, such as {enrollmentuser}, by providing a key name and then selecting the lookup value icon.

    To use variables in a Bash or Zsh script, reference the variable directly by name, using $myvariable. To use variables in a Python 3 script, first import the os module, then call the getenv method, as in os.getenv('myvariable').

    For instance, if the variable definition has a key named SystemAccount and a value of admin01, the script can assign the variable to a script variable named account, as shown below:
    Bash or Zsh
    account="$SystemAccount"
    Python 3
    import os
    account = os.getenv('SystemAccount')
  8. Click Save.

    You have successfully created a Script.
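
The variable handling from step 7, as an added Python 3 example (not code from the original page or from VMware): it reads the variables from the environment, stops with a non-zero status if one is missing, and keeps secret values out of the script output. SystemAccount is the page's example key; the ApiKey key, the function names, and the check for an unresolved lookup token are assumptions made for illustration.

```python
import os
import re
import sys

# SystemAccount is the page's example key; ApiKey is a hypothetical second key.
REQUIRED = ("SystemAccount", "ApiKey")
SECRET_KEYS = {"ApiKey"}
# Assumption: a lookup that failed to resolve could arrive as literal "{name}" text.
UNRESOLVED = re.compile(r"\{[A-Za-z_]+\}")


def load_variables(required, environ=None):
    """Return {key: value}; raise KeyError naming every missing/unresolved key."""
    environ = os.environ if environ is None else environ
    values = {key: environ.get(key, "").strip() for key in required}
    bad = [k for k, v in values.items() if not v or UNRESOLVED.fullmatch(v)]
    if bad:
        raise KeyError("missing or unresolved script variables: " + ", ".join(bad))
    return values


def redacted(values, secret_keys=SECRET_KEYS):
    """Copy of values that is safe to print: secret values are replaced."""
    return {k: "<redacted>" if k in secret_keys else v
            for k, v in values.items()}


def main(environ=None):
    """Return 0 on success, 1 when a variable is unusable (key names only on stderr)."""
    try:
        values = load_variables(REQUIRED, environ)
    except KeyError as exc:
        print(exc.args[0], file=sys.stderr)
        return 1
    print("variables loaded:", redacted(values))
    return 0


if __name__ == "__main__":
    # Constructed sample environment so the example runs offline; on a device,
    # call main() with no argument to read the variables from os.environ.
    sample = {"SystemAccount": "admin01", "ApiKey": "constructed-sample-key"}
    sys.exit(main(sample))
```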

What to do next

After creating a script, you can assign it to smart groups.

  1. To assign the script to a smart group, select a script from the Scripts page, and click Assign.
  2. Click New Assignment, enter an Assignment Name, and select the smart group. Click Next.
  3. In the Deployment page, select any of the following triggers:
    Settings and their descriptions:
    • Run Periodically - Run the script at a scheduled time. Enter the schedule for every 4/6/8/12 hours.
    • Run Once Immediately - Run the script on all currently enrolled assigned devices automatically once deployed. Run the script immediately after a device is enrolled.
    • Login - Run the script at login.
    • Logout - Run the script at logout.
    • Startup - Run the script at startup.
    • Network Change - Run the script at the occurrence of network changes.
  4. Enable Show In Hub (optional) to show your App Catalog Customization settings for the script in the Workspace ONE Intelligent Hub. You can deactivate this option to hide a script from assigned smart groups in the catalog.
  5. Click Save.

You have successfully assigned a Script to a smart group and added triggers.